diff options
Diffstat (limited to 'nixos/modules')
| -rw-r--r-- | nixos/modules/services/backup/restic.nix | 174 | ||||
| -rw-r--r-- | nixos/modules/services/games/asf.nix | 78 |
2 files changed, 154 insertions, 98 deletions
diff --git a/nixos/modules/services/backup/restic.nix b/nixos/modules/services/backup/restic.nix index 8ff8e31864b..333fdd494e3 100644 --- a/nixos/modules/services/backup/restic.nix +++ b/nixos/modules/services/backup/restic.nix @@ -96,13 +96,22 @@ in }; repository = mkOption { - type = types.str; + type = with types; nullOr str; + default = null; description = '' repository to backup to. ''; example = "sftp:backup@192.168.1.100:/backups/${name}"; }; + repositoryFile = mkOption { + type = with types; nullOr path; + default = null; + description = '' + Path to the file containing the repository location to backup to. + ''; + }; + paths = mkOption { type = types.nullOr (types.listOf types.str); default = null; @@ -142,7 +151,7 @@ in extraBackupArgs = mkOption { type = types.listOf types.str; - default = []; + default = [ ]; description = '' Extra arguments passed to restic backup. ''; @@ -153,7 +162,7 @@ in extraOptions = mkOption { type = types.listOf types.str; - default = []; + default = [ ]; description = '' Extra extended options to be passed to the restic --option flag. ''; @@ -172,7 +181,7 @@ in pruneOpts = mkOption { type = types.listOf types.str; - default = []; + default = [ ]; description = '' A list of options (--keep-* et al.) for 'restic forget --prune', to automatically prune old snapshots. The @@ -197,9 +206,25 @@ in ''; example = "find /home/matt/git -type d -name .git"; }; + + backupPrepareCommand = mkOption { + type = with types; nullOr str; + default = null; + description = '' + A script that must run before starting the backup process. + ''; + }; + + backupCleanupCommand = mkOption { + type = with types; nullOr str; + default = null; + description = '' + A script that must run after finishing the backup process. + ''; + }; }; })); - default = {}; + default = { }; example = { localbackup = { paths = [ "/home" ]; @@ -225,66 +250,85 @@ in config = { warnings = mapAttrsToList (n: v: "services.restic.backups.${n}.s3CredentialsFile is deprecated, please use services.restic.backups.${n}.environmentFile instead.") (filterAttrs (n: v: v.s3CredentialsFile != null) config.services.restic.backups); systemd.services = - mapAttrs' (name: backup: - let - extraOptions = concatMapStrings (arg: " -o ${arg}") backup.extraOptions; - resticCmd = "${pkgs.restic}/bin/restic${extraOptions}"; - filesFromTmpFile = "/run/restic-backups-${name}/includes"; - backupPaths = if (backup.dynamicFilesFrom == null) - then if (backup.paths != null) then concatStringsSep " " backup.paths else "" - else "--files-from ${filesFromTmpFile}"; - pruneCmd = optionals (builtins.length backup.pruneOpts > 0) [ - ( resticCmd + " forget --prune " + (concatStringsSep " " backup.pruneOpts) ) - ( resticCmd + " check" ) - ]; - # Helper functions for rclone remotes - rcloneRemoteName = builtins.elemAt (splitString ":" backup.repository) 1; - rcloneAttrToOpt = v: "RCLONE_" + toUpper (builtins.replaceStrings [ "-" ] [ "_" ] v); - rcloneAttrToConf = v: "RCLONE_CONFIG_" + toUpper (rcloneRemoteName + "_" + v); - toRcloneVal = v: if lib.isBool v then lib.boolToString v else v; - in nameValuePair "restic-backups-${name}" ({ - environment = { - RESTIC_PASSWORD_FILE = backup.passwordFile; - RESTIC_REPOSITORY = backup.repository; - } // optionalAttrs (backup.rcloneOptions != null) (mapAttrs' (name: value: - nameValuePair (rcloneAttrToOpt name) (toRcloneVal value) - ) backup.rcloneOptions) // optionalAttrs (backup.rcloneConfigFile != null) { - RCLONE_CONFIG = backup.rcloneConfigFile; - } // optionalAttrs (backup.rcloneConfig != null) (mapAttrs' (name: value: - nameValuePair (rcloneAttrToConf name) (toRcloneVal value) - ) backup.rcloneConfig); - path = [ pkgs.openssh ]; - restartIfChanged = false; - serviceConfig = { - Type = "oneshot"; - ExecStart = (optionals (backupPaths != "") [ "${resticCmd} backup --cache-dir=%C/restic-backups-${name} ${concatStringsSep " " backup.extraBackupArgs} ${backupPaths}" ]) - ++ pruneCmd; - User = backup.user; - RuntimeDirectory = "restic-backups-${name}"; - CacheDirectory = "restic-backups-${name}"; - CacheDirectoryMode = "0700"; - } // optionalAttrs (backup.environmentFile != null) { - EnvironmentFile = backup.environmentFile; - }; - } // optionalAttrs (backup.initialize || backup.dynamicFilesFrom != null) { - preStart = '' - ${optionalString (backup.initialize) '' - ${resticCmd} snapshots || ${resticCmd} init - ''} - ${optionalString (backup.dynamicFilesFrom != null) '' - ${pkgs.writeScript "dynamicFilesFromScript" backup.dynamicFilesFrom} > ${filesFromTmpFile} - ''} - ''; - } // optionalAttrs (backup.dynamicFilesFrom != null) { - postStart = '' - rm ${filesFromTmpFile} - ''; - }) - ) config.services.restic.backups; + mapAttrs' + (name: backup: + let + extraOptions = concatMapStrings (arg: " -o ${arg}") backup.extraOptions; + resticCmd = "${pkgs.restic}/bin/restic${extraOptions}"; + filesFromTmpFile = "/run/restic-backups-${name}/includes"; + backupPaths = + if (backup.dynamicFilesFrom == null) + then if (backup.paths != null) then concatStringsSep " " backup.paths else "" + else "--files-from ${filesFromTmpFile}"; + pruneCmd = optionals (builtins.length backup.pruneOpts > 0) [ + (resticCmd + " forget --prune " + (concatStringsSep " " backup.pruneOpts)) + (resticCmd + " check") + ]; + # Helper functions for rclone remotes + rcloneRemoteName = builtins.elemAt (splitString ":" backup.repository) 1; + rcloneAttrToOpt = v: "RCLONE_" + toUpper (builtins.replaceStrings [ "-" ] [ "_" ] v); + rcloneAttrToConf = v: "RCLONE_CONFIG_" + toUpper (rcloneRemoteName + "_" + v); + toRcloneVal = v: if lib.isBool v then lib.boolToString v else v; + in + nameValuePair "restic-backups-${name}" ({ + environment = { + RESTIC_PASSWORD_FILE = backup.passwordFile; + RESTIC_REPOSITORY = backup.repository; + RESTIC_REPOSITORY_FILE = backup.repositoryFile; + } // optionalAttrs (backup.rcloneOptions != null) (mapAttrs' + (name: value: + nameValuePair (rcloneAttrToOpt name) (toRcloneVal value) + ) + backup.rcloneOptions) // optionalAttrs (backup.rcloneConfigFile != null) { + RCLONE_CONFIG = backup.rcloneConfigFile; + } // optionalAttrs (backup.rcloneConfig != null) (mapAttrs' + (name: value: + nameValuePair (rcloneAttrToConf name) (toRcloneVal value) + ) + backup.rcloneConfig); + path = [ pkgs.openssh ]; + restartIfChanged = false; + serviceConfig = { + Type = "oneshot"; + ExecStart = (optionals (backupPaths != "") [ "${resticCmd} backup --cache-dir=%C/restic-backups-${name} ${concatStringsSep " " backup.extraBackupArgs} ${backupPaths}" ]) + ++ pruneCmd; + User = backup.user; + RuntimeDirectory = "restic-backups-${name}"; + CacheDirectory = "restic-backups-${name}"; + CacheDirectoryMode = "0700"; + } // optionalAttrs (backup.environmentFile != null) { + EnvironmentFile = backup.environmentFile; + }; + } // optionalAttrs (backup.initialize || backup.dynamicFilesFrom != null || backup.backupPrepareCommand != null) { + preStart = '' + ${optionalString (backup.backupPrepareCommand != null) '' + ${pkgs.writeScript "backupPrepareCommand" backup.backupPrepareCommand} + ''} + ${optionalString (backup.initialize) '' + ${resticCmd} snapshots || ${resticCmd} init + ''} + ${optionalString (backup.dynamicFilesFrom != null) '' + ${pkgs.writeScript "dynamicFilesFromScript" backup.dynamicFilesFrom} > ${filesFromTmpFile} + ''} + ''; + } // optionalAttrs (backup.dynamicFilesFrom != null || backup.backupCleanupCommand != null) { + postStart = '' + ${optionalString (backup.backupCleanupCommand != null) '' + ${pkgs.writeScript "backupCleanupCommand" backup.backupCleanupCommand} + ''} + ${optionalString (backup.dynamicFilesFrom != null) '' + rm ${filesFromTmpFile} + ''} + ''; + }) + ) + config.services.restic.backups; systemd.timers = - mapAttrs' (name: backup: nameValuePair "restic-backups-${name}" { - wantedBy = [ "timers.target" ]; - timerConfig = backup.timerConfig; - }) config.services.restic.backups; + mapAttrs' + (name: backup: nameValuePair "restic-backups-${name}" { + wantedBy = [ "timers.target" ]; + timerConfig = backup.timerConfig; + }) + config.services.restic.backups; }; } diff --git a/nixos/modules/services/games/asf.nix b/nixos/modules/services/games/asf.nix index ea2bfd40fff..31a112d6c74 100644 --- a/nixos/modules/services/games/asf.nix +++ b/nixos/modules/services/games/asf.nix @@ -13,6 +13,8 @@ let # is in theory not needed as this is already the default for default builds UpdateChannel = 0; Headless = true; + } // lib.optionalAttrs (cfg.ipcPasswordFile != "") { + IPCPassword = "#ipcPassword#"; }); ipc-config = format.generate "IPC.config" cfg.ipcSettings; @@ -81,8 +83,7 @@ in type = format.type; description = '' The ASF.json file, all the options are documented <link xlink:href="https://github.com/JustArchiNET/ArchiSteamFarm/wiki/Configuration#global-config">here</link>. - Do note that `AutoRestart` and `UpdateChannel` is always to `false` -respectively `0` because NixOS takes care of updating everything. + Do note that `AutoRestart` and `UpdateChannel` is always to `false` respectively `0` because NixOS takes care of updating everything. `Headless` is also always set to `true` because there is no way to provide inputs via a systemd service. You should try to keep ASF up to date since upstream does not provide support for anything but the latest version and you're exposing yourself to all kinds of issues - as is outlined <link xlink:href="https://github.com/JustArchiNET/ArchiSteamFarm/wiki/Configuration#updateperiod">here</link>. ''; @@ -92,6 +93,11 @@ respectively `0` because NixOS takes care of updating everything. default = { }; }; + ipcPasswordFile = mkOption { + type = types.path; + description = "Path to a file containig the password. The file must be readable by the <literal>asf</literal> user/group."; + }; + ipcSettings = mkOption { type = format.type; description = '' @@ -115,14 +121,12 @@ respectively `0` because NixOS takes care of updating everything. options = { username = mkOption { type = types.str; - description = - "Name of the user to log in. Default is attribute name."; + description = "Name of the user to log in. Default is attribute name."; default = ""; }; passwordFile = mkOption { type = types.path; - description = - "Path to a file containig the password. The file must be readable by the <literal>asf</literal> user/group."; + description = "Path to a file containig the password. The file must be readable by the <literal>asf</literal> user/group."; }; enabled = mkOption { type = types.bool; @@ -131,8 +135,7 @@ respectively `0` because NixOS takes care of updating everything. }; settings = mkOption { type = types.attrs; - description = - "Additional settings that are documented <link xlink:href=\"https://github.com/JustArchiNET/ArchiSteamFarm/wiki/Configuration#bot-config\">here</link>."; + description = "Additional settings that are documented <link xlink:href=\"https://github.com/JustArchiNET/ArchiSteamFarm/wiki/Configuration#bot-config\">here</link>."; default = { }; }; }; @@ -156,6 +159,7 @@ respectively `0` because NixOS takes care of updating everything. users = { users.asf = { home = cfg.dataDir; + homeMode = "700"; isSystemUser = true; group = "asf"; description = "Archis-Steam-Farm service user"; @@ -176,8 +180,7 @@ respectively `0` because NixOS takes care of updating everything. Group = "asf"; WorkingDirectory = cfg.dataDir; Type = "simple"; - ExecStart = - "${cfg.package}/bin/ArchiSteamFarm --path ${cfg.dataDir} --process-required --no-restart --service --no-config-migrate"; + ExecStart = "${cfg.package}/bin/ArchiSteamFarm --path ${cfg.dataDir} --process-required --no-restart --service --no-config-migrate"; # mostly copied from the default systemd service PrivateTmp = true; @@ -202,29 +205,38 @@ respectively `0` because NixOS takes care of updating everything. } ]; - preStart = '' - mkdir -p config - rm -f www - rm -f config/{*.json,*.config} - - ln -s ${asf-config} config/ASF.json - - ${strings.optionalString (cfg.ipcSettings != {}) '' - ln -s ${ipc-config} config/IPC.config - ''} - - ln -s ${pkgs.runCommandLocal "ASF-bots" {} '' - mkdir -p $out/lib/asf/bots - for i in ${strings.concatStringsSep " " (lists.map (x: "${getName x},${x}") (attrsets.mapAttrsToList mkBot cfg.bots))}; do IFS=","; - set -- $i - ln -s $2 $out/lib/asf/bots/$1 - done - ''}/lib/asf/bots/* config/ - - ${strings.optionalString cfg.web-ui.enable '' - ln -s ${cfg.web-ui.package}/lib/dist www - ''} - ''; + preStart = + let + createBotsScript = pkgs.runCommandLocal "ASF-bots" { } '' + mkdir -p $out + # clean potential removed bots + rm -rf $out/*.json + for i in ${strings.concatStringsSep " " (lists.map (x: "${getName x},${x}") (attrsets.mapAttrsToList mkBot cfg.bots))}; do IFS=","; + set -- $i + ln -fs $2 $out/$1 + done + ''; + replaceSecretBin = "${pkgs.replace-secret}/bin/replace-secret"; + in + '' + mkdir -p config + + cp --no-preserve=mode ${asf-config} config/ASF.json + ${replaceSecretBin} '#ipcPassword#' '${cfg.ipcPasswordFile}' config/ASF.json + + ${optionalString (cfg.ipcSettings != {}) '' + ln -fs ${ipc-config} config/IPC.config + ''} + + ${optionalString (cfg.ipcSettings != {}) '' + ln -fs ${createBotsScript}/* config/ + ''} + + rm -f www + ${optionalString cfg.web-ui.enable '' + ln -s ${cfg.web-ui.package}/lib/dist www + ''} + ''; }; }; }; |